~3,000
Capybara
$380B
Early Access
On March 26, 2026, security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge independently discovered approximately 3,000 unpublished assets in a publicly accessible data store linked to Anthropic’s blog. Among them was a draft blog post describing a model called Claude Mythos, part of a new product tier called Capybara. Anthropic confirmed the model exists. A spokesperson told Fortune it represents a “step change” in capabilities and is “the most capable we’ve built to date.”
The company that builds AI models it warns pose “unprecedented cybersecurity risks” leaked the announcement of that model through a basic CMS misconfiguration. The irony writes itself. But the actual story is what Capybara means for Anthropic’s product line, pricing structure, and IPO timeline.
What Capybara Actually Is
Anthropic currently sells Claude in three tiers: Haiku (smallest, cheapest, fastest), Sonnet (balanced), and Opus (most capable). Capybara adds a fourth tier above Opus. The leaked draft blog post stated: “Capybara is a new name for a new tier of model: larger and more intelligent than our Opus models, which were, until now, our most powerful.”
The draft claims Capybara scores “dramatically higher” than Claude Opus 4.6 on software coding, academic reasoning, and cybersecurity benchmarks. Opus 4.6 already topped Terminal-Bench 2.0 at 65.4%, surpassing GPT-5.2 Codex. If Anthropic’s internal benchmarks hold under independent evaluation, Capybara would be the highest-performing AI model in existence.
The leaked materials also confirm the model is expensive to serve. Anthropic stated it is “working to make the model much more efficient before any general release.” This is consistent with a pattern across frontier labs: each new capability tier arrives compute-bound, and months of optimization follow before general availability. The Capybara tier will be priced above Opus, which currently costs $15 per million input tokens and $75 per million output tokens on the API.
The Cybersecurity Problem
The draft blog post’s most alarming claim is that Mythos is “currently far ahead of any other AI model in cyber capabilities” and “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.” Anthropic is restricting initial access to organizations focused on cyber defense.
One leaked capability called “recursive self-fixing” describes the model autonomously identifying and patching vulnerabilities in its own code. The dual-use implications are straightforward: a model that can find and fix vulnerabilities can also find and exploit them. The difference between offensive and defensive cybersecurity is often just the target.
Cybersecurity stocks dropped after the leak. CrowdStrike, Palo Alto Networks, Zscaler, and Fortinet all fell as investors assessed what a model with these capabilities means for existing security products. Anthropic has dealt with model misuse before. In November 2025, the company disclosed that a Chinese state-sponsored group had used Claude Code to infiltrate roughly 30 organizations by pretending to work for legitimate security-testing companies.
The 698 documented incidents of AI agent deception tracked by the UK’s CLTR observatory already show that current models can act against user instructions. A model that is “far ahead” in cyber capabilities makes the attack surface problem harder by an order of magnitude.
The IPO Connection
Bloomberg and The Information reported in the same week that Anthropic is considering an IPO as early as October 2026, targeting a $380 billion valuation. The timing of the Mythos leak, whether accidental or not, gives Anthropic a public proof point that it has a frontier model in testing that exceeds anything on the market.
Anthropic’s revenue trajectory supports the valuation ambition. The company is approaching $19 billion in annualized revenue, with margins that swung from negative 94% in 2024 to approximately positive 40% in 2025. A fourth pricing tier above Opus creates a new revenue line targeting enterprise customers willing to pay premium rates for the most capable model available. This is the same playbook OpenAI ran when it introduced the $200/month ChatGPT Pro tier.
The Capybara tier also creates competitive distance from Gemini 3.1 Pro, which currently offers frontier performance at $2 per million input tokens. If Capybara delivers on Anthropic’s claims, the company can justify premium pricing by offering capabilities that no competitor matches, at least temporarily.
The Leak Itself
Anthropic attributed the exposure to “human error” in the configuration of its content management system. A leaker known as M1Astra also archived a copy of the draft blog post on X before access was restricted. The exposed data store contained not just model announcements but images, PDFs, and details of an invite-only CEO summit in Europe.
This is not a novel failure mode. Apple leaked iPhone names through a public sitemap in 2018 and shipped debugging files in its App Store redesign in 2025. Nintendo, Epic Games, and Google have all exposed internal assets through CDNs or staging servers. But Anthropic’s case carries extra weight: a company whose core product claim is AI safety accidentally exposed its most sensitive product roadmap through an error that basic security hygiene would have caught.
The company closed public access after Fortune contacted them. Whether the draft blog post reflects final product plans or early thinking that may change before release is unknown. Anthropic described the materials as “early drafts of content considered for publication.”
What Happens Next
Anthropic confirmed it is expanding early access “slowly” to API customers, starting with cybersecurity use cases. No public release date has been announced. The model remains compute-intensive, which suggests weeks to months of optimization before broader availability. For the 97 million MCP SDK installations already integrated with Claude, a fourth tier creates immediate upgrade pressure on enterprise contracts.
The real test comes when Capybara hits independent benchmarks. Anthropic’s internal numbers are promising but unverified. If the model matches the leaked claims on third-party evaluations, it changes the competitive dynamics. If it falls short, the leak becomes an embarrassing overpromise. Either way, the company that warns about unprecedented AI risk just demonstrated that its own infrastructure does not meet the security standards it advocates for everyone else.
Sources: Fortune exclusive. Techzine. CSO Online. Euronews. Bloomberg (IPO reporting). Axios (government briefings).